DroopyCTF Walkthrough

Preparation:

Download the DroopyCTF virtual machine from the following website:

https://www.vulnhub.com/entry/droopy-v02,143/

1. Scan the network to find the IP address of the DroopyCTF server.

netdiscover -r 10.0.0.0/

2. Scan the DroopyCTF server using Nmap to find some potential vulnerabilities.

TCP Scan 1:

nmap -Pn -sS --stats-every 3m --max-retries  --max-scan-delay  --defeat-rst-ratelimit -T4 -p1- -oN /root/Delete/tcp1.txt 10.0.0.30

TCP Scan 2:

nmap -nvv -Pn- -sSV -p  --version-intensity  -A -oN /root/Delete/tcp2.txt 10.0.0.30

UDP Scan:

map -Pn --top-ports  -sU --stats-every 3m --max-retries  -T3 -oN /root/Delete/udp.txt 10.0.0.30

3. Browse the website(http://10.0.0.30/) through Firefox. Nothing valuable find in the source page.

Browse the website(http://10.0.0.30/robots.txt) through Firefox.

Browse the website(http://10.0.0.30/CHANGELOG.txt) through Firefox and try to find some vulnerabilities.

Try to find some exploit guider related to Drupal 7.0 in the Exploit Database. Download the exploit code

https://www.exploit-db.com/exploits/34992

We can also find some exploit titles on Kali Linux locally.

searchsploit drupal

We can also try to search for exploit modules related to drupal in Metasploit.

search drupal

4. Let's try to exploit the target server with Metasploit.

Use the exploit/multi/http/drupal_drupageddon module and show the information. It should be work.

Set the parameters and start to exploit. We have the shell.

Find the information of droopy server.

Try to find some exploit guider related to Linux Kernel 3.13.0 in the Exploit Database. Download the exploit code.

https://www.exploit-db.com/exploits/37292

Copy the code to the /var/www/html folder on Kali Linux, then download to the Droopy server.

Try to search the tty shell escapte cheat sheet on the Internet. https://netsec.ws/?p=337

python -c 'import pty; pty.spawn("/bin/sh")'

5. Download the exploit source code to /tmp folder on Droopy server. Compile and execute the exploit file.

Get the root privilege successfully.

OSCP Learning Notes - Capstone(3)的更多相关文章

  1. OSCP Learning Notes - Capstone(4)

    SickOS 1.2 Walkthrough Preparation: Down load the SickOS virtual machines from the following website ...

  2. OSCP Learning Notes - Capstone(2)

    BTRSys v2.1 Walkthrough Preparation: Download the BTRSys virtual machine from the following website: ...

  3. OSCP Learning Notes - Capstone(1)

    Kioptrix Level 1.1 Walkthrough Preparation: Download the virtual machine  from the following website ...

  4. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

  5. OSCP Learning Notes - Buffer Overflows(3)

    Finding Bad Characters 1. Find the bad charaters in the following website: https://bulbsecurity.com/ ...

  6. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

  7. OSCP Learning Notes - Buffer Overflows(1)

    Introduction to Buffer Overflows Anatomy of Memory Anatomy of the Stack Fuzzing Tools: Vulnserver -  ...

  8. OSCP Learning Notes - Netcat

    Introduction to Netcat Connecting va Listening Bind Shells Attacker connects to victim on listening ...

  9. OSCP Learning Notes - Enumeration(4)

    DNS Enumeration 1. Host Tool host is a simple utility for performing DNS lookups. It is normally use ...

随机推荐

  1. 浅谈HTTPS和HTTP

    1.HTTP和HTTPS的基本概念 HTTP:超文本传输协议,是互联网上应用最为广泛的一种网络协议,是一个客户端和服务端请求和应答的标准,用于WWW服务器传输超文本到本地浏览器的传输协议,它可以使浏览 ...

  2. web scraper无法解决爬虫问题?通通可以交给python!

    今天一位粉丝的需求所涉及的问题值得和大家分享分享~~~ 背景问题 是这样的,他看了公号里的关于web scraper的系列文章后,希望用它来爬取一个网站搜索关键词后的文章标题和链接,如下图 按照教程, ...

  3. 3.尚硅谷_MyBatis_HelloWorld.avi

    CREATE TABLE `tbl_employee` ( `id` int(11) NOT NULL AUTO_INCREMENT, `last_name` varchar(255) DEFAULT ...

  4. django python mange.py runserver 源码

    django python mange.py runserver 源码 入 口 mange.py文件 execute_from_command_line函数 输入参数为['manage.py', 'r ...

  5. 一起玩转微服务(13)——AOP

    一.什么是AOP编程 AOP: Aspect Oriented Programming 面向切面编程. 面向切面编程(也叫面向方面):Aspect Oriented Programming(AOP), ...

  6. 面试官:你刚说你喜欢研究新技术,那么请说说你对 Blazor 的了解

    阅读本文大概需要 1.5 分钟. 最近在几个微信 .NET 交流群里大家讨论比较频繁的话题就是这几天自己的面试经历. 面试官:"你刚说你喜欢研究新技术,那么你对 Blazor 了解多少?&q ...

  7. Laravel 如何在blade文件中使用Vue组件

    Laravel 如何在blade文件中使用Vue组件 1. 安装laravel/ui依赖包 composer require laravel/ui 2.生成vue基本脚手架 php artisan u ...

  8. TreeMap实现

  9. webpack4.X + react搭建

    环境准备工作:windows7.webStorm 2017.1.4.Nodejs 8.7.0.npm 5.4.2 PS:安装的时我们都带上版本,这样即便webpack版本发生变化,也不会出现版本问题. ...

  10. JavaScript基础数组的字面声名法(010)

    1.两种方法的对比 数组在JavaScript中,就像大多数的其它语言 一样,是对象.我们可以使用JavaScript内置的数组构造函数Array()来创建数组.就象对象的字面声名法一样,数组也可以采 ...